Adunatio/internal_lib/permission_parser.py

from flask_login import current_user


def parse_permission(string):
    """
    Parsing permission string
    permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all unions *}/item_id{for all items *}
    example string:
    read::payments::union1id/* ->read union1 all payments
    read::payments::union1id/collector1 ->read union1 collector1
    *::users::union2/* -> read, write, update, delete all users for union2
    *::users::union2/user1 -> read, write, update, delete for users1 in union2
    *::*::union2/* -> all permissions for union2
    *::*::*/* -> all permissions like a admin
    :param string:
    :return: dict
    """
    permission_type, module, extras = string.split("::")
    union_id, item_id = extras.split('/')
    read = False
    write = False
    update = False
    delete = False
    if permission_type == '*':
        read = True
        write = True
        update = True
        delete = True
    if permission_type == 'read':
        read = True
    if permission_type == 'write':
        write = True
    if permission_type == 'update':
        update = True
    if permission_type == 'delete':
        delete = True

    return {
        "delete": delete,
        "write": write,
        "read": read,
        "update": update,
        "module": module,
        "union": union_id,
        "item_id": item_id
    }


def control_permission(group, module, perm_type, itemid, unionid):
    for right_string in group.rights:
        right = parse_permission(right_string.strip())
        print(right, right_string, group, perm_type)
        if right.get('module') in ["*", module]:
            return True
        elif right.get('union') in ['*', unionid]:
            return True
        elif right.get(perm_type):
            return True
        elif right.get('item_id') in ['*', itemid]:
            return True
        elif right.get('module') in ["*", module] and right.get('union') in ['*', unionid] and right.get(
                perm_type) and right.get('item_id') in ['*', itemid]:
            return True
    return False


def read_permission(module, qs):
    union_list = []
    for right_string in current_user.group.rights:
        right = parse_permission(right_string)
        if right.get('module') in [module, '*']:
            if right.get('read'):
                if right.get('union') != "*":
                    union_list.append(right.get('union'))

    if len(union_list) > 0:
        if module == 'union':
            qs.filter(id__in=union_list, deleted=False)
        else:
            qs.filter(union__in=union_list, deleted=False)
    return qs


def has_permission(module, obj, reqtype, oid):
    if control_permission(current_user.group, module, reqtype, oid, obj.company):
        return True
    return False
mongo rest api module for flask add requirements.txt flask_views and flask_login create a has_permission and read_permission function 4 years ago			`from flask_login import current_user`


change group permission field create permission parser add flask jwt requirements 4 years ago			`def parse_permission(string):`
			`"""`
			`Parsing permission string`
misspell fix 4 years ago			`permission_type{read,delete,write,update,(for all permissions)}::module_name{module name or for all modules }::union_id{for all unions }/item_id{for all items }`
change group permission field create permission parser add flask jwt requirements 4 years ago			`example string:`
misspell fix 4 years ago			`read::payments::union1id/* ->read union1 all payments`
			`read::payments::union1id/collector1 ->read union1 collector1`
change group permission field create permission parser add flask jwt requirements 4 years ago			`::users::union2/ -> read, write, update, delete all users for union2`
			`*::users::union2/user1 -> read, write, update, delete for users1 in union2`
			`::::union2/* -> all permissions for union2`
			`::::/ -> all permissions like a admin`
			`:param string:`
			`:return: dict`
			`"""`
			`permission_type, module, extras = string.split("::")`
			`union_id, item_id = extras.split('/')`
			`read = False`
			`write = False`
			`update = False`
			`delete = False`
			`if permission_type == '*':`
			`read = True`
			`write = True`
			`update = True`
			`delete = True`
			`if permission_type == 'read':`
			`read = True`
			`if permission_type == 'write':`
			`write = True`
			`if permission_type == 'update':`
			`update = True`
			`if permission_type == 'delete':`
			`delete = True`

			`return {`
mongo rest api module for flask add requirements.txt flask_views and flask_login create a has_permission and read_permission function 4 years ago			`"delete": delete,`
			`"write": write,`
			`"read": read,`
			`"update": update,`
			`"module": module,`
			`"union": union_id,`
			`"item_id": item_id`
change group permission field create permission parser add flask jwt requirements 4 years ago			`}`


			`def control_permission(group, module, perm_type, itemid, unionid):`
			`for right_string in group.rights:`
			`right = parse_permission(right_string.strip())`
			`print(right, right_string, group, perm_type)`
			`if right.get('module') in ["*", module]:`
			`return True`
			`elif right.get('union') in ['*', unionid]:`
			`return True`
			`elif right.get(perm_type):`
			`return True`
mongo rest api module for flask add requirements.txt flask_views and flask_login create a has_permission and read_permission function 4 years ago			`elif right.get('item_id') in ['*', itemid]:`
change group permission field create permission parser add flask jwt requirements 4 years ago			`return True`
mongo rest api module for flask add requirements.txt flask_views and flask_login create a has_permission and read_permission function 4 years ago			`elif right.get('module') in ["", module] and right.get('union') in ['', unionid] and right.get(`
			`perm_type) and right.get('item_id') in ['*', itemid]:`
change group permission field create permission parser add flask jwt requirements 4 years ago			`return True`
			`return False`
mongo rest api module for flask add requirements.txt flask_views and flask_login create a has_permission and read_permission function 4 years ago

			`def read_permission(module, qs):`
			`union_list = []`
			`for right_string in current_user.group.rights:`
			`right = parse_permission(right_string)`
			`if right.get('module') in [module, '*']:`
			`if right.get('read'):`
			`if right.get('union') != "*":`
			`union_list.append(right.get('union'))`

			`if len(union_list) > 0:`
			`if module == 'union':`
			`qs.filter(id__in=union_list, deleted=False)`
			`else:`
			`qs.filter(union__in=union_list, deleted=False)`
			`return qs`


			`def has_permission(module, obj, reqtype, oid):`
			`if control_permission(current_user.group, module, reqtype, oid, obj.company):`
			`return True`
			`return False`